设置桶策略
功能介绍
该接口的实现使用policy子资源创建或者修改一个桶的策略。如果桶已经存在一个策略,那么当前请求中的策略将完全覆盖桶中现存的策略。单个桶的桶策略条数(statement)没有限制,但一个桶中所有桶策略的JSON描述总大小不能超过20KB。
要使用该接口,使用者要求必须是桶的所有者,或者是桶所有者的子用户且具有设置桶策略的权限。
请求消息样式
1 2 3 4 5 |
PUT /?policy HTTP/1.1 Host: bucketname.obs.region.example.com Date: date Authorization: signatureValue Policy written in JSON |
请求消息参数
该请求消息中不使用消息参数。
请求消息头
该请求使用公共消息头,具体请参见表3。
请求消息元素
请求消息体是一个符合JSON格式的字符串,包含了桶策略的信息。
响应消息样式
1 2 3 |
HTTP/1.1 status_code Date: date Content-Length: length |
响应消息头
该请求的响应消息使用公共消息头,具体请参考表1。
响应消息元素
该请求的响应消息中不带有响应元素。
错误响应消息
无特殊错误,所有错误已经包含在表2中。
请求示例 1
向OBS租户授予权限
给租户ID为783fc6652cf246c096ea836694f71855的租户授权。
如何获取租户ID请参考获取账号ID和用户ID。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
PUT /?policy HTTP/1.1 Host: examplebucket.obs.region.example.com Date: WED, 01 Jul 2015 02:32:25 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA= { "Statement": [ { "Sid": "Stmt1375240018061", "Action": [ "GetBucketLogging" ], "Effect": "Allow", "Resource": "logging.bucket", "Principal": { "ID": [ "domain/783fc6652cf246c096ea836694f71855:user/*" ] } } ] } |
响应示例 1
1 2 3 4 5 6 |
HTTP/1.1 204 No Content x-obs-request-id: 7B6DFC9BC71DD58B061285551605709 x-obs-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD Date: WED, 01 Jul 2015 02:32:25 GMT Content-Length: 0 Server: OBS |
请求示例 2
向OBS用户授予权限
用户ID为71f3901173514e6988115ea2c26d1999,用户所属租户ID为783fc6652cf246c096ea836694f71855。
如何获取租户ID和用户ID请参考获取账号ID和用户ID。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
PUT /?policy HTTP/1.1 Host: examplebucket.obs.region.example.com Date: WED, 01 Jul 2015 02:33:28 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA= { "Statement": [ { "Sid": "Stmt1375240018062", "Action": [ "PutBucketLogging" ], "Effect": "Allow", "Resource": "examplebucket", "Principal": { "ID": [ "domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999" ] } } ] } |
响应示例 2
1 2 3 4 5 6 |
HTTP/1.1 204 No Content x-obs-request-id: 7B6DFC9BC71DD58B061285551605709 x-obs-id-2: N0I2REZDOUJDNzFERDU4QjA2MTI4NTU1MTYwNTcwOUFBQUFBQUFBYmJiYmJiYmJD Date: WED, 01 Jul 2015 02:33:28 GMT Content-Length: 0 Server: OBS |
请求示例 3
拒绝除了某个指定OBS用户的其他用户执行所有操作
用户ID为71f3901173514e6988115ea2c26d1999,用户所属租户ID为783fc6652cf246c096ea836694f71855。
如何获取租户ID和用户ID请参考获取账号ID和用户ID。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
PUT /?policy HTTP/1.1 Host: examplebucket.obs.region.example.com Date: WED, 01 Jul 2015 02:34:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA= { "Statement": [ { "Effect": "Deny", "Action": ["*"], "Resource": [ "examplebucket/*", "examplebucket" ], "NotPrincipal": { "ID": [ "domain/783fc6652cf246c096ea836694f71855:user/71f3901173514e6988115ea2c26d1999", "domain/783fc6652cf246c096ea836694f71855" ] } } ] } |
响应示例 3
1 2 3 4 5 6 |
HTTP/1.1 204 No Content x-obs-request-id: A603000001604A7DFE4A4AF31E301891 x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n Date: WED, 01 Jul 2015 02:34:34 GMT Content-Length: 0 Server: OBS |
请求示例 4
拒绝除了某个指定的域名和不带referer头域的外链请求以实现防盗链白名单
防盗链白名单:http://storage.example.com
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
PUT /?policy HTTP/1.1 Host: examplebucket.obs.region.example.com Date: WED, 01 Jul 2015 02:34:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA= { "Statement": [{ "Effect": "Deny", "Action": [ "GetObject", "GetObjectVersion" ], "Principal": { "ID": ["*"] }, "Resource": ["examplebucket/*"], "Condition": { "StringNotLike": { "Referer": [ "http://storage.example.com*", "${null}" ] } } }] } |
响应示例 4
1 2 3 4 5 6 |
HTTP/1.1 204 No Content x-obs-request-id: A603000001604A7DFE4A4AF31E301891 x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n Date: WED, 01 Jul 2015 02:34:34 GMT Content-Length: 0 Server: OBS |